Privacy Policy
1. Introduction
1.1. We are committed to protecting the privacy of our website visitors and service users.
1.2. This policy applies when we act as data controller with respect to the personal data of our website visitors and application users; in other words, where we determine the purpose and means of processing that personal data.
1.3. To the extent that cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website. You can read more about our cookie policy.
1.4. Our website contains privacy controls that affect how we will process your personal data. By using the privacy measures, you can indicate whether you wish to receive marketing communications and limit the publication of your information. Under no circumstances will we send you marketing communications without your explicit consent.
1.5. This policy is also applicable on our Microsoft Outlook Add-Ins (Phished - Activation / Phished - Activatie).
1.6. In this policy, “we”, “us” and “our” refer to Phished. Please see section 9 for more information about Phished.
2. How Phished uses your personal information
2.1. In this section 2, we speak about:
- the general categories of personal data that we may process;
- in the case of personal data that we have not obtained directly from you, the source and specific categories of that data;
- the purposes for which we may process personal data and
- the legal basis of the processing.
2.2. We may process data about your use of our website and services (“usage data”). Usage data may include your IP address, geographic location, browser type and version, operating system, referral source, length of visit, page views and web navigation paths, as well as information on the timing, frequency and pattern of your service use. The source of usage data is google analytics and cookies stored in your browser.
This usage data may be processed for the purpose of analyzing the use of the website and services. The legal basis for this processing is consent OR our legitimate interests, namely to monitor and improve our website and services.
2.3. We may process your account information (“Account Information”). Account information may include your name and email address. The source of the account information is you or your employer. Account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining backups of our databases and communicating with you. (No marketing communication will be sent unsolicited)
The legal basis for this processing is consent OR our legitimate interests, namely the proper administration of our website and our business OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
2.4. We may process your information contained in your personal profile on our website (“profile data”). The profile data may include your name, address, telephone number, e-mail address. The profile data may be processed for purposes to enable and monitor your use of our website and services.
The legal basis for this processing is consent OR our legitimate interests, namely the proper management of our website OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
2.5. We may process your personal data provided in the course of using our services (“Service Data”). The Service Data may include name and email. The source of the Service Data is you or your employer. The Service Data may be processed for the purpose of operating our website, providing our services, ensuring the security of our website and services, maintaining backups of our databases and communicating with you.
The legal basis for this processing is consent OR our legitimate interests, namely the proper management of our website and business OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
2.6. We may process information relating to our customer relationships, including customer contact information (“customer relationship data”). Customer Relationship Information may include your name, your employer, your job or position, your contact information and information contained in communications between us and you or your employer. The source of the customer relationship data is you or your employer. The customer relationship data may be processed for the purposes of managing our customer relationships, communicating with customers, keeping track of those communications. The legal basis for this processing is consent OR our legitimate interests, namely the proper management of our customer relationships.
2.7. We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website (“transaction data”). Transaction details may include your contact details, your card details and the transaction details. Transaction details may be processed for the purpose of delivering the goods and services purchased and keeping proper records of those transactions. The legal basis for this processing is the execution of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
2.8. We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“Notification Data”). The notification data may be processed to send you the relevant notifications and/or newsletters. The legal basis for this processing is consent OR performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
2.9. We may process information contained in or relating to any communication you send us (“correspondence data”). The correspondence data may include the communication content and metadata associated with the communication. Our website generates the metadata associated with communications created using the contact forms on the website. The correspondence data can be processed to communicate with you and keep records. The legal basis for this processing is our legitimate interests, namely the proper management of our website and business and communication with users.
2.10. We may process any of your personal data mentioned in this policy if necessary for the establishment, exercise or defence of legal claims, in legal proceedings or in administrative or extrajudicial proceedings. The legal basis for this processing is our legitimate interests, namely the protection and affirmation of our legal rights, your legal rights and the legal rights of others.
2.11. We may process any of your personal data listed in this policy as necessary to obtain or maintain insurance coverage, manage risk or obtain expert advice. The legal basis for such processing is our legitimate interest in the proper protection of our business against risk.
2.12. In addition to the specific purposes for which we may process your personal data as set out in this Section 2, we may also process all of your personal data if such processing is necessary to comply with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.
2.13. Please do not provide us with any other person’s personal data.
3. Providing your personal information to others
3.1. We may disclose your personal information to our insurers and/or professional advisers to the extent reasonably necessary to obtain or maintain insurance coverage, manage risk, obtain professional advice, or establish, exercise or defend legal claims, whether in legal proceedings or administrative or non-legal proceedings.
3.2. We may disclose personal information (limited to name, email, function and department) to our suppliers or subcontractors (identified on Suppliers) to the extent reasonably necessary to do so.
3.3. Financial transactions related to our website and services are OR can be handled by our payment service providers, Mollie, Stripe and Belfius. We will only share transaction details with our payment service providers to the extent necessary to process your payments, refund such payments and deal with complaints and enquiries regarding such payments and refunds. You can find information about the privacy policies and practices of payment service providers on these links: Belfius, Stripe and Mollie.
3.4. Each third party will act as data controller with respect to the research information we provide to him and after contacting you, each such third party will provide you with a copy of his own privacy policy, which will govern the use of your personal information by that third party.
3.5. In addition to the specific disclosures of personal information as set out in this Section 3, we may disclose your personal information when such disclosure is necessary to comply with a legal obligation to which we are subject, or to protect your vital interests or the protection of your interests. We may also disclose your personal information when such disclosure is necessary to establish, exercise or defend legal claims, in court proceedings or in administrative or extra-judicial proceedings.
4. International Transfer
4.1. In this section 4, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
4.2. The hosting facilities for our website are located in the Netherlands. The European Commission has made an ‘adequacy decision’ regarding the data protection legislation of each of these countries. Transfers to each of these countries are protected by appropriate safeguards, namely the use of standard data protection provisions approved or endorsed by the European Commission, a copy of which can be obtained from Kinsta. The service is located in Western Europe, zone 1.
4.3. You acknowledge that personal data that you submit for publication via our website or services may be available worldwide via the Internet. We cannot prevent the use (or misuse) of such personal information by others.
5. Storage and deletion of personal data
5.1. This section 5 describes our data retention policy and procedure, which are designed to help ensure that we comply with our legal obligations regarding the retention and deletion of personal data.
5.2. Personal data that we process for any purpose or purposes should not be kept longer than necessary for that purpose or purposes.
5.3. We store your personal information as follows:
- Personal data will be retained for a minimum period of 36 months after the end date of the contract and for a maximum period of 84 months after the end date.
5.4. Notwithstanding the other provisions of this Section 5, we may retain your personal information when such retention is necessary to comply with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.
6. Changes
6.1. We may update this policy from time to time by posting a new version on our website.
6.2. You should check this page from time to time to ensure that you are happy with any changes to this policy.
6.3. We will notify you of significant changes to this policy by posting it on our site. We also maintain an archive of changes. You can consult this archive by contacting us.
7. Your rights
7.1. In this section 7, we have summarised your rights under the Data Protection Act. Some rights are complex and not all details are included in our summaries. Therefore, you should read the relevant laws and regulatory guidelines for a full explanation of these rights.
7.2. Your most important rights under the Data Protection Act are:
- the right of access;
- the right of rectification;
- the right to erase;
- the right to restrict the processing;
- the right to object to the processing;
- the right to data portability;
- the right to lodge a complaint with a supervisory authority; and
- the right to withdraw consent.
7.3. You have the right to confirm whether or not we process your personal data and, where we do, have access to the personal data, together with certain additional information. This additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Safeguarding the rights and freedoms of others is not affected, we will provide you with a copy of your personal data. You can access your personal data by going to this URL.
7.4. You have the right to have incorrect personal data about you corrected and, taking into account the purposes of processing, to have incomplete personal data about you entered.
7.5. In some circumstances, you have the right to delete your personal data without undue delay. These circumstances include: the personal data is no longer necessary in connection with the purposes for which it was collected or otherwise processed; you withdraw your consent for consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data has been unlawfully processed. However, there are exclusions from the right of deletion. The general exclusions include where processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with a legal obligation; or for instituting, exercising or defending legal claims.
7.6. In some circumstances, you have the right to limit the processing of your personal data. These circumstances are: you contest the accuracy of personal data; the processing is unlawful, but you oppose erasure; we no longer need the personal data for our purposes, but you need personal data for instituting, exercising or defending legal claims; and you have objected to processing, pending verification of that objection. If processing is limited on this basis, we may continue to store your personal data. However, we will only process it differently: with your consent; for the establishment, exercise or defence of legal claims; to protect the rights of another natural or legal person; or for reasons of important public interest.
7.7. You have the right to object to our processing of your personal data for reasons relating to your specific situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority entrusted to us; or the purposes of the legitimate interests pursued by us or by a third party. If you object, we will no longer process your personal information unless we can demonstrate compelling legitimate reasons for the processing that exceed your interests, rights and freedoms, or the processing to establish, exercise or defend legal claims.
7.8. You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you object, we will no longer process your personal data for this purpose.
7.9. You have the right to object to our processing of your personal data for scientific or historical research or statistical purposes for reasons relating to your specific situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
7.10. As far as the legal basis for our processing of your personal data is concerned:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract,
and such processing is automated, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where this would harm the rights and freedoms of others.
7.11. If you believe that our processing of your personal data violates data protection laws, you have the legal right to lodge a complaint with a data protection supervisory authority. You may do so in the EU Member State of your habitual residence, workplace or the place of the alleged breach.
In Belgium, this is the privacy commission: https://www.privacycommission.be/nl.
In the United Kingdom, this is ICO: https://ico.org.uk/.
In the Netherlands, this is Autoriteit Persoonsgegevens: https://autoriteitpersoonsgegevens.nl/.
In France, this is CNIL: https://www.cnil.fr/.
7.12. Insofar as the legal basis for our processing of your personal information is consent, you have the right to revoke this consent at any time. Revocation does not affect the lawfulness of the processing prior to revocation.
7.13. You can exercise your rights with regard to your personal data by confirming this to us via the contact form.
8. About cookies
8.1. You can read more about our use of cookies and your rights on the following link: Cookie Link.
9. About Phished
9.1. This website is owned and operated by Phished BV.
9.2. We are registered in Belgium under registration number BE 0735.908.019.
9.3. You can contact us:
(a) via our contact form on the website;
(b) by e-mail, using info@phished.io .
(c) by e-mail to our DPO: privacy@phished.io